Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)


Apache Tomcat HTTP Connector Send File Processing Cache Error Lets Remote Users Obtain Potentially Sensitive Information on the Target System
Severity Rating: Medium
Systems Affected:
  • Apache Tomcat version 8.5.0 to 8.5.12, 9.0.0.M1 to 9.0.0.M18
A vulnerability was reported in Apache Tomcat and can be exploited by remote attackers to obtain potentially sensitive information on the vulnerable system. The vulnerability exists due to an error which occurred in the HTTP connectors send file processing, causing the invoked Processor to be added to the cache twice. As a result, a remote user may view potentially sensitive information from the wrong response.
Users are advised to apply updates.
More information is available on:
Vendor Information
Security Tracker
Tomcat Apache
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis